Changelog:
Vulnerabilities fixed in this release include:
- On Windows, the listening sockets used for local port forwarding
were opened in a mode that did not prevent other processes from
also listening on the same ports and stealing some of the incoming
connections.
- In the PuTTY terminal, bracketed paste mode was broken in 0.72, in
a way that made the pasted data look like manual keyboard input. So
any application relying on the bracketing sequences to protect
against malicious clipboard contents would have been misled.
- An SSH-1 server could trigger an access to freed memory by sending
the SSH1_MSG_DISCONNECT message. Not known to be exploitable.
Other bug fixes include:
- Windows Plink no longer crashes on startup when it tries to tell
you it's reusing an existing SSH connection.
- Windows PuTTY now updates its terminal window size correctly if the
screen resolution changes while it's maximised.
- If you display the coloured error messages from gcc in the PuTTY
terminal, there is no longer a missing character if a colour change
happens exactly at the end of a line.
- If you use the 'Clear Scrollback' menu option or escape sequence
while text in the scrollback is selected, it no longer causes an
assertion failure.
Changelog:
These features were new in 0.70 (released 2017-07-08):
Security fix: the Windows PuTTY binaries should no longer be
vulnerable to hijacking by specially named DLLs in the same
directory, even a name we missed when we thought we'd fixed
this in 0.69. See vuln-indirect-dll-hijack-3.
Windows PuTTY should be able to print again, after our DLL
hijacking defences broke that functionality.
Windows PuTTY should be able to accept keyboard input outside
the current code page, after our DLL hijacking defences broke
that too.
These features are new in 0.71 (released 2019-03-16):
Security fixes found by an EU-funded bug bounty programme:
a remotely triggerable memory overwrite in RSA key exchange,
which can occur before host key verification
potential recycling of random numbers used in cryptography
on Windows, hijacking by a malicious help file in the same
directory as the executable
on Unix, remotely triggerable buffer overflow in any kind
of server-to-client forwarding
multiple denial-of-service attacks that can be triggered
by writing to the terminal
Other security enhancements: major rewrite of the crypto code
to remove cache and timing side channels.
User interface changes to protect against fake authentication
prompts from a malicious server.
We now provide pre-built binaries for Windows on Arm.
Hardware-accelerated versions of the most common cryptographic
primitives: AES, SHA-256, SHA-1.
GTK PuTTY now supports non-X11 displays (e.g. Wayland) and
high-DPI configurations.
Type-ahead now works as soon as a PuTTY window is opened:
keystrokes typed before authentication has finished will be
buffered instead of being dropped.
Support for GSSAPI key exchange: an alternative to the older
GSSAPI authentication system which can keep your forwarded
Kerberos credentials updated during a long session.
More choices of user interface for clipboard handling.
New terminal features: support the REP escape sequence (fixing
an ncurses screen redraw failure), true colour, and SGR 2 dim
text.
Pressing Ctrl+Shift+PgUp or Ctrl+Shift+PgDn now takes you
straight to the top or bottom of the terminal scrollback.
PuTTY 0.68, released today, supports elliptic-curve cryptography for host
keys, user authentication keys, and key exchange. Also, for the first time,
it comes in a 64-bit Windows version.
This update may create a build issue for non-BSD due to ancient functions
being different on BSD and SYSV. there's always macros if this fails.
* Avoid compilation error on tolower and char type.
Changelog:
2015-02-28 PuTTY 0.64 released, fixing a SECURITY HOLE
PuTTY 0.64, released today, fixes a security hole in 0.63 and before:
private-key-not-wiped-2. Also diffie-hellman-range-check has been argued
to be a security hole. In addition to these and other less critical bug
fixes, 0.64 also supports the major new feature of sharing an SSH connection
between multiple instances of PuTTY and its tools, and a command-line and
config option to specify the expected host key(s).
This fixes a buffer overflow which was patched in pkgsrc (CVE-2013-4852),
two other buffer overflows (CVE-2013-4206, CVE-2013-4207), and
it clears private keys after use now (CVE-2013-4208).
Other than that, there are mostly bug fixes from 0.62 and a few
small features.
2011-12-10 PuTTY 0.62 released
PuTTY 0.62 is out, containing only bug fixes from 0.61, in particular a security fix preventing passwords from being accidentally
retained in memory.
2011-11-27 PuTTY 0.62 pre-release builds available
PuTTY 0.61 had a few noticeable bugs in it (but nothing security-related), so we are planning to make a 0.62 release containing just bug
fixes. The Wishlist page lists the bugs that will be fixed by the 0.62 release. The Download page now contains pre-release snapshots of
0.62, which contain those bug fixes and should be otherwise stable. (The usual development snapshots, containing other development since
0.61, are also still available.)
2011-07-12 PuTTY 0.61 is released
PuTTY 0.61 is out, after over four years (sorry!), with new features, bug fixes, and compatibility updates for Windows 7 and various SSH
server software.
Patch provided by Jukka Salmi in PR 37056.
These features are new in beta 0.60 (released 2007-04-29):
* Pressing Ctrl+Break now sends a serial break signal. (The previous behaviour
can still be obtained with Ctrl+C.)
* Serial ports higher than COM9 now no longer need a leading \\.\.
* You can now store a host name in the Default Settings.
* Bug fix: serial connections and local proxies should no longer crash all the
time.
* Bug fix: configuring the default connection type to serial should no longer
cause the configuration dialog to be skipped on startup.
* Bug fix: "Unable to read from standard input" should now not happen, or if it
still does it should produce more detailed diagnostics.
* Bug fix: fixed some malformed SSH-2 packet generation.
* Other minor bug fixes.
Changes since 0.58:
* PuTTY can now connect to local serial ports as well as making
network connections.
* Windows PuTTY now supports "local proxying", where a network
connection is replaced by a local command. (Unix PuTTY has
supported this since it was first released in 0.54.) Also, Plink
has gained a "-nc" mode where the primary channel is replaced by
an SSH tunnel, which makes it particularly useful as the local
command to run.
* Improved speed of SSH on Windows (particularly SSH-2 key exchange
and public-key authentication).
* Improved SFTP throughput.
* Various cryptographic improvements in SSH-2, including SDCTR
cipher modes, a workaround for a weakness in CBC cipher modes, and
Diffie-Hellman group exchange with SHA-256.
* Support for the Arcfour cipher in SSH-2.
* Support for sending terminal modes in SSH.
* When Pageant is running and an SSH key is specified in the
configuration, PuTTY will now only try Pageant authentication with
that key. This gets round a problem where some servers would only
allow a limited number of keys to be offered before disconnecting.
* Support for SSH-2 password expiry mechanisms, and various other
improvements and bugfixes in authentication.
* A change to the SSH-2 password camouflage mechanism in 0.58 upset
some Cisco servers, so we have reverted to the old method.
* The Windows version now comes with documentation in HTML Help
format. (Windows Vista does not support the older WinHelp format.
However, we still provide documentation in that format, since
Win95 does not support HTML Help.)
* On Windows, when pasting as RTF, attributes of the selection such
as colours and formatting are also pasted.
* Ability to configure font quality on Windows (including
antialiasing and ClearType).
* The terminal is now restored to a sensible state when reusing a
window to restart a session.
* We now support an escape sequence invented by xterm which lets the
server clear the scrollback (CSI 3 J). This is useful for
applications such as terminal locking programs.
* Improvements to the Unix port:
+ now compiles cleanly with GCC 4
+ now has a configure script, and should be portable to more
platforms
* Bug fix: 0.58 utterly failed to run on some installations of
Windows XP.
* Bug fix: PSCP and PSFTP now support large files (greater than 4
gigabytes), provided the underlying operating system does too.
* Bug fix: PSFTP (and PSCP) sometimes ran slowly and consumed lots
of CPU when started directly from Windows Explorer.
* Bug fix: font linking (the automatic use of other fonts on the
system to provide Unicode characters not present in the selected
one) should now work again on Windows, after being broken in 0.58.
(However, it unfortunately still won't work for Arabic and other
right-to-left text.)
* Bug fix: if the remote server saturated PuTTY with data, PuTTY
could become unresponsive.
* Bug fix: certain large clipboard operations could cause PuTTY to
crash.
* Bug fix: SSH-1 connections tended to crash, particularly when
using port forwarding.
* Bug fix: SSH Tectia Server would reject SSH-2 tunnels from PuTTY
due to a malformed request.
* Bug fix: SSH-2 login banner messages were being dropped silently
under some circumstances.
* Bug fix: the cursor could end up in the wrong place when a
server-side application used the alternate screen.
* Bug fix: on Windows, PuTTY now tries harder to find a suitable
place to store its random seed file PUTTY.RND (previously it was
tending to end up in C:\ or C:\WINDOWS).
* Bug fix: IPv6 should now work on Windows Vista.
* Numerous other bugfixes, as usual.
Changes:
# Wildcards (mput/mget) and recursive file transfer in PSFTP.
# You can now save your session details from the Change Settings
dialog box, after you've started your session.
# Various improvements to Unicode support, including:
* support for right-to-left and bidirectional text (Arabic,
Hebrew etc). Thanks to arabeyes.org for design and most of
the implementation.
* support for Arabic text shaping, again thanks to arabeyes.org.
* support for Unicode combining characters.
# Support for the xterm 256-colour control sequences.
# Port forwardings can now be reconfigured in mid-session.
# Support for IPv6. Thanks to unfix.org for having patiently maintained
the patch for this until we were finally ready to integrate it.
# More configurability and flexibility in SSH-2 key exchange. In
particular, PuTTY can now initiate repeat key exchange during the
session, which means that if your server doesn't initiate it (OpenSSH
is known not to bother) you can still have the cryptographic benefits.
# Bug fix: display artefacts caused by characters overflowing their
character cell should now all be gone. (This would probably have
bothered Windows ClearType users more than anyone else.)
# Bug fix: keepalives are now supported everywhere. (Previously they
were supported by Windows GUI PuTTY, but were missing in Plink, PSFTP
and the Unix port.)
# Miscellaneous improvements for CJK/IME users; many thanks to Hung-Te
Lin for assistance.
PuTTY is a client program for the SSH, Telnet and Rlogin network protocols.
These protocols are all used to run a remote session on a computer, over a
network. PuTTY implements the client end of that session: the end at which
the session is displayed, rather than the end at which it runs.
